{"id":10294,"date":"2023-02-28T10:08:50","date_gmt":"2023-02-28T01:08:50","guid":{"rendered":"https:\/\/www.ecomottblog.com\/?p=10294"},"modified":"2023-02-28T10:08:50","modified_gmt":"2023-02-28T01:08:50","slug":"route53%e3%82%92%e4%bd%bf%e7%94%a8%e3%81%97%e3%81%a6lets-encrypt%e3%81%a7ssl%e8%a8%bc%e6%98%8e%e6%9b%b8%e3%81%ae%e5%8f%96%e5%be%97%e3%82%92%e8%a1%8c%e3%81%86","status":"publish","type":"post","link":"https:\/\/test.ecomottblog.com\/?p=10294","title":{"rendered":"Obtaining an SSL Certificate from Let&#8217;s Encrypt Using Route53"},"content":{"rendered":"<p>Hello, this is Mori.<\/p>\n<p>I previously obtained an SSL certificate issued by Let&#8217;s Encrypt using Route53, so I am recording the procedure here as a memo.<br \/>\nNormally, obtaining or renewing an SSL certificate issued by Let&#8217;s Encrypt requires <a href=\"https:\/\/letsencrypt.org\/ja\/docs\/allow-port-80\/\" rel=\"noopener\" target=\"_blank\">port 80 or 
443<\/a> to be reachable, I believe, but this article should be a useful reference for anyone who cannot open those ports for some reason.<\/p>\n<p>This time I used the following environment.<\/p>\n<ul>\n<li>Environment<\/li>\n<\/ul>\n<p>AmazonLinux2<\/p>\n<p>For the detailed steps, see below.<\/p>\n<p><!--more--><\/p>\n<h1>Detailed steps<\/h1>\n<h2>Step 1. Check which Python versions are available<\/h2>\n<p>The output below shows that python3.8 can be installed.<\/p>\n<pre><code>[root@xxx-web-ec2] # amazon-linux-extras list | grep python\n 44  python3.8=latest         enabled      [ =stable ]\n<\/code><\/pre>\n<h2>Step 2. Install Python and verify<\/h2>\n<h3>Install<\/h3>\n<pre><code>[root@xxx-web-ec2] # amazon-linux-extras install -y python3.8\n<\/code><\/pre>\n<h3>Check the version<\/h3>\n<pre><code>[root@xxx-web-ec2] # python3.8 -V\nPython 3.8.16\n<\/code><\/pre>\n<h2>Step 3. 
Configure the aliases and verify<\/h2>\n<h3>Configure the aliases<\/h3>\n<pre><code>[root@xxx-web-ec2] # echo 'alias python=python3.8' &gt;&gt; ~\/.bashrc\n[root@xxx-web-ec2] # echo 'alias pip=pip3.8' &gt;&gt; ~\/.bashrc\n[root@xxx-web-ec2] # source ~\/.bashrc\n<\/code><\/pre>\n<h3>Check .bashrc<\/h3>\n<pre><code>[root@xxx-web-ec2] # cat ~\/.bashrc\n# .bashrc\n\n# User specific aliases and functions\n\nalias rm='rm -i'\nalias cp='cp -i'\nalias mv='mv -i'\n\n# Source global definitions\nif [ -f \/etc\/bashrc ]; then\n        . \/etc\/bashrc\nfi\nalias python=python3.8\nalias pip=pip3.8\n<\/code><\/pre>\n<h3>Check the versions<\/h3>\n<pre><code>[root@xxx-web-ec2] # python -V\nPython 3.8.16\n\n[root@xxx-web-ec2] # pip -V\npip 21.0.1 from \/usr\/lib\/python3.8\/site-packages\/pip (python 3.8)\n<\/code><\/pre>\n<h2>Step 4. Install pipenv<\/h2>\n<pre><code>[root@xxx-web-ec2] # pip install pipenv\n<\/code><\/pre>\n<h2>Step 5. Install Certbot<\/h2>\n<pre><code>[root@xxx-web-ec2] # pip install certbot\n<\/code><\/pre>\n<h2>Step 6. Install certbot-dns-route53<\/h2>\n<pre><code>[root@xxx-web-ec2] # pip install certbot-dns-route53\n<\/code><\/pre>\n<h2>Step 7. 
Check the list of packages installed with pip<\/h2>\n<p>All is well if <strong>certbot<\/strong> and <strong>certbot-dns-route53<\/strong> appear as shown below.<\/p>\n<pre><code>[root@xxx-web-ec2] # pip list\nPackage             Version\n------------------- ---------\nacme                2.2.0\nboto3               1.26.69\nbotocore            1.29.69\ncertbot             2.2.0    \u2190 this one\ncertbot-dns-route53 2.2.0    \u2190 this one\ncertifi             2022.12.7\ncffi                1.15.1\ncharset-normalizer  3.0.1\nConfigArgParse      1.5.3\nconfigobj           5.0.8\ncryptography        39.0.1\ndistlib             0.3.6\ndistro              1.8.0\nfilelock            3.9.0\nidna                3.4\njmespath            1.0.1\njosepy              1.13.0\nparsedatetime       2.6\npip                 21.0.1\npipenv              2023.2.4\nplatformdirs        3.0.0\npycparser           2.21\npyOpenSSL           23.0.0\npyRFC3339           1.1\npython-dateutil     2.8.2\npytz                2022.7.1\nrequests            2.28.2\ns3transfer          0.6.0\nsetuptools          67.2.0\nsix                 1.16.0\nurllib3             1.26.14\nvirtualenv          20.19.0\nvirtualenv-clone    0.5.7\n<\/code><\/pre>\n<h2>Step 8. 
Create the IAM role and IAM policy<\/h2>\n<h3>Create the IAM role<\/h3>\n<p>Create it however you like.<\/p>\n<h3>Create the IAM policy<\/h3>\n<p>Creating the policy as shown below should be fine.<br \/>\nReplace only the xxxxxxID part with the hosted zone ID of the domain you are updating.<\/p>\n<pre><code>{\n    \"Version\": \"2012-10-17\",\n    \"Id\": \"certbot-dns-route53 sample policy\",\n    \"Statement\": [\n        {\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"route53:ListHostedZones\",\n                \"route53:GetChange\"\n            ],\n            \"Resource\": [\n                \"*\"\n            ]\n        },\n        {\n            \"Effect\" : \"Allow\",\n            \"Action\" : [\n                \"route53:ChangeResourceRecordSets\"\n            ],\n            \"Resource\" : [\n                \"arn:aws:route53:::hostedzone\/xxxxxxID\"   \n            ]\n        }\n    ]\n}\n<\/code><\/pre>\n<h2>Step 9. 
Issue the SSL certificate<\/h2>\n<p>This procedure issues an SSL certificate for test-ssl.net.<\/p>\n<pre><code>certbot --debug certonly \\\n  --email 'xxx.xxx@xxx.xxx' \\\n  --agree-tos \\\n  --dns-route53 \\\n  -d test-ssl.net \n<\/code><\/pre>\n<p>If all goes well, output like the following is printed.<\/p>\n<pre><code>Saving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nWould you be willing, once your first certificate is successfully issued, to\nshare your email address with the Electronic Frontier Foundation, a founding\npartner of the Let's Encrypt project and the non-profit organization that\ndevelops Certbot? We'd like to send you email about our work encrypting the web,\nEFF news, campaigns, and ways to support digital freedom.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: Y\nAccount registered.\nRequesting a certificate for test-ssl.net\n\nSuccessfully received certificate.\nCertificate is saved at: \/etc\/letsencrypt\/live\/test-ssl.net \/fullchain.pem\nKey is saved at:         \/etc\/letsencrypt\/live\/test-ssl.net \/privkey.pem\nThis certificate expires on 2023-05-14.\nThese files will be updated when the certificate renews.\n\nNEXT STEPS:\n- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https:\/\/certbot.org\/renewal-setup for instructions.\nWe were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. 
You can try again later by visiting https:\/\/act.eff.org.\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nIf you like Certbot, please consider supporting our work by:\n * Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\n * Donating to EFF:                    https:\/\/eff.org\/donate-le\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n<\/code><\/pre>\n<h2>Step 10. Check the SSL certificate<\/h2>\n<p>If you go to the location where the certificate was issued and find certificate files like the following, it succeeded.<\/p>\n<pre><code>drwxr-xr-x 2 root root  93  2\u6708 13 14:27 .\ndrwx------ 3 root root  54  2\u6708 13 14:27 ..\n-rw-r--r-- 1 root root 692  2\u6708 13 14:27 README\nlrwxrwxrwx 1 root root  50  2\u6708 13 14:27 cert.pem -&gt; ..\/..\/archive\/test-ssl.net \/cert1.pem\nlrwxrwxrwx 1 root root  51  2\u6708 13 14:27 chain.pem -&gt; ..\/..\/archive\/test-ssl.net \/chain1.pem\nlrwxrwxrwx 1 root root  55  2\u6708 13 14:27 fullchain.pem -&gt; ..\/..\/archive\/test-ssl.net \/fullchain1.pem\nlrwxrwxrwx 1 root root  53  2\u6708 13 14:27 privkey.pem -&gt; ..\/..\/archive\/test-ssl.net \/privkey1.pem\n<\/code><\/pre>\n<p>After that, running the following command periodically from cron should give you automatic renewal.<\/p>\n<pre><code>certbot renew\n<\/code><\/pre>\n<h1>Renewing before the certificate is due to expire<\/h1>\n<p>Performing steps 1 through 10 should get the SSL certificate issued.<br 
\/>\nIf you are worried about whether it will actually renew after being issued, the following command forces a renewal even before expiry, so give it a try.<\/p>\n<pre><code>certbot renew --force-renewal\n<\/code><\/pre>\n<h1>Supplement<\/h1>\n<p>A CloudFormation template that builds steps 1 through 8 is included below; feel free to use it. Note: step 7 is excluded.<\/p>\n<pre><code>AWSTemplateFormatVersion: \"2010-09-09\"\nDescription:\n  VPC + EC2 Create\n\nMetadata:\n  \"AWS::CloudFormation::Interface\":\n    ParameterGroups:\n      - Label:\n          default: \"Project Name Prefix\"\n        Parameters:\n          - PJPrefix\n      - Label:\n          default: \"Network Configuration\"\n        Parameters:\n          - VPCCIDR\n          - PublicSubnetACIDR\n      - Label:\n          default: \"EC2Instance Configuration\"\n        Parameters:\n          - KeyPairName\n          - EC2InstanceName\n          - EC2InstanceAMI\n          - EC2InstanceInstanceType\n          - EC2InstanceVolumeType\n          - EC2InstanceVolumeSize\n          - AllowIP\n\n    ParameterLabels:\n# Network Configuration\n      VPCCIDR:\n        default: \"VPC CIDR\"\n      PublicSubnetACIDR:\n        default: \"PublicSubnetA CIDR\"\n\n# EC2Instance Configuration\n      KeyPairName:\n        default: \"KeyPairName\"\n      EC2InstanceName:\n        default: \"EC2 Name\"\n      EC2InstanceAMI:\n        default: \"EC2 AMI\"\n      EC2InstanceInstanceType:\n        default: 
\"EC2 InstanceType\"\n      EC2InstanceVolumeType:\n        default: \"EC2 VolumeType\"\n      EC2InstanceVolumeSize:\n        default: \"EC2 VolumeSize\"\n\n# Securitygroup Configuration\n      AllowIP:\n        default: \"AllowIP\"\n\n# hostedzoneID Configuration\n      HostedzoneID:\n        default: \"HostedzoneID\"\n\n# ------------------------------------------------------------#\n# Input Parameters\n# ------------------------------------------------------------#\n\nParameters:\n  PJPrefix:\n    Type: String\n\n# Network\n  VPCCIDR:\n    Type: String\n    Default: \"10.1.0.0\/16\"\n  PublicSubnetACIDR:\n    Type: String\n    Default: \"10.1.1.0\/24\"\n\n# EC2Instance\n  KeyPairName:\n    Type: AWS::EC2::KeyPair::KeyName\n  EC2InstanceName:\n    Type: String\n  EC2InstanceAMI:\n    Type: String\n    Default: \"ami-xxxxx\" \n  EC2InstanceInstanceType:\n    Type: String\n    Default: \"t3.nano\"\n  EC2InstanceVolumeType:\n    Type: String\n    Default: \"gp2\"\n  EC2InstanceVolumeSize:\n    Type: String\n    Default: \"8\"\n\n# Securitygroup\n  AllowIP:\n    Type: String\n    Default: xx.xx.xx.xx\/32\n\n# hostedzoneID Configuration\n  HostedzoneID:\n    Type: String\n    Default: \"xxxxxxxx\"\n\nResources:\n# ------------------------------------------------------------#\n#  VPC\n# ------------------------------------------------------------#\n\n# VPC Create\n  VPC:\n    Type: \"AWS::EC2::VPC\"\n    Properties: \n      CidrBlock: !Ref VPCCIDR\n      InstanceTenancy: default\n      EnableDnsSupport: \"true\"\n      EnableDnsHostnames: \"true\"\n      Tags: \n        - Key: Name\n          Value: !Sub \"${PJPrefix}-vpc\"\n\n# InternetGateway Create\n  InternetGateway:\n    Type: \"AWS::EC2::InternetGateway\"\n    Properties:\n      Tags:\n        - Key: Name\n          Value: !Sub \"${PJPrefix}-igw\"\n\n# IGW Attach\n  InternetGatewayAttachment:\n    Type: \"AWS::EC2::VPCGatewayAttachment\"\n    Properties:\n      InternetGatewayId: !Ref InternetGateway\n      
VpcId: !Ref VPC\n\n# ------------------------------------------------------------#\n# EC2 Subnet\n# ------------------------------------------------------------\n\n  PublicSubnetA:\n    Type: \"AWS::EC2::Subnet\"\n    Properties:\n      AvailabilityZone: \"ap-northeast-1a\"\n      CidrBlock: !Ref PublicSubnetACIDR\n      VpcId: !Ref VPC\n      Tags:\n        - Key: Name\n          Value: !Sub \"${PJPrefix}-public02-1a\"\n\n# ------------------------------------------------------------#\n#  RouteTable\n# ------------------------------------------------------------#\n\n  PublicRouteTable:\n    Type: \"AWS::EC2::RouteTable\"\n    Properties:\n      VpcId: !Ref VPC\n      Tags:\n        - Key: Name\n          Value: !Sub \"${PJPrefix}-public-route01\"\n\n# ------------------------------------------------------------#\n# Route\n# ------------------------------------------------------------#\n\n  PublicRouteMain:\n    Type: \"AWS::EC2::Route\"\n    Properties:\n      RouteTableId: !Ref PublicRouteTable\n      DestinationCidrBlock: \"0.0.0.0\/0\"\n      GatewayId: !Ref InternetGateway\n\n# ------------------------------------------------------------#\n# EC2 RouteTable Associate\n# ------------------------------------------------------------#\n\n  PublicSubnetARouteTableAssociation:\n    Type: \"AWS::EC2::SubnetRouteTableAssociation\"\n    Properties:\n      SubnetId: !Ref PublicSubnetA\n      RouteTableId: !Ref PublicRouteTable\n\n# ------------------------------------------------------------#\n#  IAM Policy(ManagedPolicy)\n# ------------------------------------------------------------# \n\n  WEBEC2IAMPolicy:\n      Type: AWS::IAM::ManagedPolicy\n      Properties:\n        ManagedPolicyName: !Sub \"${PJPrefix}-${EC2InstanceName}-policy\"\n        PolicyDocument:\n          Version: \"2012-10-17\"\n          Statement:\n            - Effect: Allow\n              Action:\n                - \"route53:GetChange\"\n                - \"route53:ListHostedZones\"\n              
Resource: \"*\"\n            - Effect: Allow\n              Action:\n                - \"route53:ChangeResourceRecordSets\"\n              Resource:\n                - !Sub \"arn:aws:route53:::hostedzone\/${HostedzoneID}\"\n        Roles:\n          - !Ref WEBEC2IAMRole\n\n# ------------------------------------------------------------#\n#  IAM Role for WEB EC2\n# ------------------------------------------------------------# \n\n  WEBEC2IAMRole: \n    Type: \"AWS::IAM::Role\"\n    Properties: \n      RoleName: !Sub \"${PJPrefix}-${EC2InstanceName}-role\"\n      AssumeRolePolicyDocument: \n        Version: \"2012-10-17\"\n        Statement: \n          - Effect: Allow\n            Principal: \n              Service: \n                - \"ec2.amazonaws.com\"\n            Action: \n              - \"sts:AssumeRole\"\n      Path: \"\/\"\n      ManagedPolicyArns: \n        - \"arn:aws:iam::aws:policy\/AmazonSSMManagedInstanceCore\"\n\n  WEBEC2InstanceProfile: \n    Type: \"AWS::IAM::InstanceProfile\"\n    Properties: \n      Path: \"\/\"\n      Roles: \n        - Ref: WEBEC2IAMRole\n      InstanceProfileName: !Sub \"${PJPrefix}-${EC2InstanceName}-profile\"\n\n# ------------------------------------------------------------#\n#  WEB EC2Instance AZ:A\n# ------------------------------------------------------------#\n\n  WEBEC2Instance01:\n    Type: \"AWS::EC2::Instance\"\n    Properties:\n      Tags:\n        - Key: Name\n          Value: !Sub \"${PJPrefix}-${EC2InstanceName}02\"\n      ImageId: !Ref EC2InstanceAMI\n      InstanceType: !Ref EC2InstanceInstanceType\n      KeyName: !Ref KeyPairName\n      IamInstanceProfile: !Ref WEBEC2InstanceProfile\n      DisableApiTermination: false\n      EbsOptimized: false\n      BlockDeviceMappings:\n        - DeviceName: \/dev\/xvda\n          Ebs:\n            DeleteOnTermination: true\n            VolumeType: !Ref EC2InstanceVolumeType\n            VolumeSize: !Ref EC2InstanceVolumeSize\n      SecurityGroupIds:\n        - !Ref 
PublicSecurityGroup\n      SubnetId: !Ref PublicSubnetA\n      UserData: !Base64 |\n        #! \/bin\/bash\n        timedatectl set-timezone Asia\/Tokyo\n        hostnamectl set-hostname xxx-web-ec2\n        localectl set-locale LANG=ja_JP.utf8\n        yum update -y\n        amazon-linux-extras install -y python3.8\n        echo 'alias python=python3.8' &gt;&gt; ~\/.bashrc\n        echo 'alias pip=pip3.8' &gt;&gt; ~\/.bashrc\n        source ~\/.bashrc\n        pip3.8 install pipenv\n        pip3.8 install certbot-dns-route53\n\n# ------------------------------------------------------------#\n#  WEB SecurityGroup for EC2 public\n# ------------------------------------------------------------#\n\n# SecurityGroup\n  PublicSecurityGroup:\n    Type: \"AWS::EC2::SecurityGroup\"\n    Properties:\n      VpcId: !Ref VPC\n      GroupName: !Sub \"${PJPrefix}-public-sg01\"\n      GroupDescription: \"-\"\n      Tags:\n        - Key: \"Name\"\n          Value: !Sub \"${PJPrefix}-public-sg01\"\n# Rule01\n      SecurityGroupIngress:\n        - IpProtocol: tcp\n          FromPort: 22\n          ToPort: 22\n          CidrIp: !Ref AllowIP\n\n# ------------------------------------------------------------#\n#  ElasticIP for EC2Instance01\n# ------------------------------------------------------------#\n\n  ElasticIP01:\n    Type: \"AWS::EC2::EIP\"\n    Properties:\n      Domain: vpc\n\n  ElasticIPAssociate01:\n    Type: AWS::EC2::EIPAssociation\n    Properties:\n      AllocationId: !GetAtt ElasticIP01.AllocationId\n      InstanceId: !Ref WEBEC2Instance01\n<\/code><\/pre>\n<h1>In closing<\/h1>\n<p>How was it?<br \/>\nYou may not have many occasions to use it, but we have seen that Route53 can be used to obtain an SSL certificate issued by Let&#8217;s 
Encrypt.<br \/>\nI hope this article helps someone.<\/p>\n<p>See you next time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hello, this is Mori. I previously obtained an SSL certificate issued by Let&#8217;s Encrypt using Route53, so I am recording the procedure here as a memo. Normally, an SSL certificate issued by Let&#8217;s Encrypt [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":10303,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[24,151,149,150],"_links":{"self":[{"href":"https:\/\/test.ecomottblog.com\/index.php?rest_route=\/wp\/v2\/posts\/10294"}],"collection":[{"href":"https:\/\/test.ecomottblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/test.ecomottblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/test.ecomottblog.com\/index.php?rest_route=\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/test.ecomottblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10294"}],"version-history":[{"count":13,"href":"https:\/\/test.ecomottblog.com\/index.php?rest_route=\/wp\/v2\/posts\/10294\/revisions"}],"predecessor-version":[{"id":10369,"href":"https:\/\/test.ecomottblog.com\/index.php?rest_route=\/wp\/v2\/posts\/10294\/revisions\/10369"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/test.ecomottblog.com\/index.php?rest_route=\/wp\/v2\/media\/10303"
}],"wp:attachment":[{"href":"https:\/\/test.ecomottblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10294"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/test.ecomottblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10294"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/test.ecomottblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10294"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}